nasl command line output

Discussion:

Richard van den Berg

2007-07-27 09:55:51 UTC

I use the nasl command line tool all the time to manually run nasl
scripts. I was very surprised to see the blog entry at
http://blog.tenablesecurity.com/2007/06/using-the-nasl-.html display
actual output from a nasl script. All I get when I run nasl on the
command line is "Succes!" or nothing (meaning failure).

Is there a way for the nasl command line tool to actually display the
output from the security_hole() and security_warning() nasl functions?

Sincerely,

Richard van den Berg

Ron Gula

2007-07-27 10:36:56 UTC

Permalink

The plugins you are running may be writing to the KB and not directly
reporting. Also, the plugins you are running might not be working the
way you expect them to. Have you tried tracing them with the -T option
to make sure they are executing correctly?

Ron Gula

Post by Richard van den Berg
I use the nasl command line tool all the time to manually run nasl
scripts. I was very surprised to see the blog entry at
http://blog.tenablesecurity.com/2007/06/using-the-nasl-.html display
actual output from a nasl script. All I get when I run nasl on the
command line is "Succes!" or nothing (meaning failure).
Is there a way for the nasl command line tool to actually display the
output from the security_hole() and security_warning() nasl functions?

Richard van den Berg

2007-07-27 12:40:15 UTC

Permalink

Post by Ron Gula
The plugins you are running may be writing to the KB and not directly
reporting.

AFAIK all plugins are writing to the KB, and none of them "report
directly". Common practice is to use security_hole(), security_warning()
or security_note() to do reporting. However, the blog entry made it look
like the nasl command line tool can be used to view the output of a
plugin directly.

Post by Ron Gula
Have you tried tracing them with the -T option
to make sure they are executing correctly?

Yes I did. Tracing with -T shows the plugin works fine.

I'm using Nessus 3.0.5 at the moment.

Sincerely,

Richard van den Berg

Renaud Deraison

2007-07-27 12:45:46 UTC

Permalink

Post by Richard van den Berg

Post by Ron Gula
The plugins you are running may be writing to the KB and not directly
reporting.

AFAIK all plugins are writing to the KB, and none of them "report
directly". Common practice is to use security_hole(),
security_warning()
or security_note() to do reporting. However, the blog entry made it look
like the nasl command line tool can be used to view the output of a
plugin directly.

If the plugin calls security_note() or security_note(port) then you
only get 'Success'. If the plugin calls security_note(port:port,
data:whatever) then you'll get the full output.

Sorry for the confusion,

-- Renaud

ablesambaker

2007-07-27 14:07:52 UTC

Permalink

Team,

I just ran a scan with Nessus 3.06 Suse Linux, Nessus 1.02 Client with
plugins dated 07/24/07 and executed with SMB rights.

The output regarding Windows Patches (MS05-MS07) contradicts the clients
WSUS output reports. In other words, Nessus is reporting the patches missing
but WSUS is indicating just the opposite.

Anybody come across this before? Is it a problem with the clients output,
the server and workstation registry settings or is it Nessus?

I am awaiting a response from the client where I asked that he take about 10
machines and examine the registry entries directly.

I am stumped and the client is looking for answers. Any help would be
appreciated

ASB